Specter, Nine Months discussed on Security Now

Security Now


However a a an organization known as a v test which is an independent organisation of that which evaluates in rates anti virus and security suite software for microsoft windows an android uh platforms uh has been monitoring an increase in heat on hits by a vis software on the known patterns used by meltdown and specter by january 17th of last month so middle of the month av test reported it had seen seventy seven separate mala where samples related to the meltdown and specter cpu vulnerabilities by the 23rd that number seventy seven had grown to one hundred nineteen and by last wednesday which was january 31st last day of the month of january they had collected a total of one hundred thirty nine samples from various sources researchers testers nav come police these are these do not appear to be weaponized active in ill like success full a data exfiltration but this is the beginning so what we're seeing what this looks like is this is clearly on the radar of every attacker every mouth where author worst there salt um we were just talking at the beginning of the podcast about the fact that eternal blew a now long since nine months ago patched uh you know windows vulnerability is in active youths today it seems obvious that that these sorts of vulnerability is the meltdown inspector vulnerabilities which have not yet been weaponized are going to be and and what's necessary is to somehow a range to get code to run on a platform as we've always said shared hosting is the biggest problem but there's one place where code kamron kant would joke a easily from a remote source and that's in our browsers both java script and web assembly are two ways that you are that your computer is running code from someone else now obviously gugel as on top of this dave got bet dare dare i'm ready to pull.

Coming up next